[patch 45/45] fix fdset leakage

From: Greg KH
Date: Mon Jul 17 2006 - 12:34:28 EST

-stable review patch. If anyone has any objections, please let us know.

From: Kirill Korotaev <dev@xxxxxxxxxx>

When found, it is obvious. nfds calculated when allocating fdsets is
rewritten by calculation of size of fdtable, and when we are unlucky, we
try to free fdsets of wrong size.

Found due to OpenVZ resource management (User Beancounters).

Signed-off-by: Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>
Signed-off-by: Kirill Korotaev <dev@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

fs/file.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

--- linux-
+++ linux-
@@ -277,11 +277,13 @@ static struct fdtable *alloc_fdtable(int
} while (nfds <= nr);
new_fds = alloc_fd_array(nfds);
if (!new_fds)
- goto out;
+ goto out2;
fdt->fd = new_fds;
fdt->max_fds = nfds;
fdt->free_files = NULL;
return fdt;
+ nfds = fdt->max_fdset;
if (new_openset)
free_fdset(new_openset, nfds);

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/